Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nonce/Hash in Blazor (CSP) #22121

Closed
jvallejoa opened this issue Apr 24, 2021 · 1 comment
Closed

Nonce/Hash in Blazor (CSP) #22121

jvallejoa opened this issue Apr 24, 2021 · 1 comment
Assignees
@guardrex
Labels
Blazor product-feedback product-question Source - Docs.ms Docs Customer feedback via GitHub Issue

Comments

@jvallejoa
Copy link

jvallejoa commented Apr 24, 2021
edited
Loading

Great doc, but nowadays it's a must to implement CSP by nonce and hash approaches in modern web apps. Could you give us some real examples of the use nonce and hash in blazor wasm and server. So far I can't find a simple way to add dynamic content in tag header at index.html.
Thanks
Juan Vallejo

Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
@dotnet-bot dotnet-bot added ⌚ Not Triaged Blazor Source - Docs.ms Docs Customer feedback via GitHub Issue labels Apr 24, 2021
@guardrex guardrex self-assigned this Apr 24, 2021
@jvallejoa jvallejoa changed the title Bounces in blazor Nounce/Hash in Blazor (CSP) Apr 24, 2021
@guardrex
Copy link
Collaborator

guardrex commented Apr 24, 2021
edited
Loading

Hello @jvallejoa ... There will be some control over some tags in the page's <head> for 6.0, but they'll only be for Link, Meta, and Title (probably).

I think the original feature, which was going to be for the 5.0 release but was pushed back because they weren't happy with it, relied on JS interop to actually interact with the <head> elements. True, we don't have an example exactly like that in our JS interop docs.

The PU issue is at 👉 dotnet/aspnetcore#25705 ... and there's some discussion there. I see that Damian has a bit of code up as a suggestion for how it might work. I think he uses JS interop and a custom component (or a few) to do it. You can also see if you can track down Mackinnon's original code for Link, Title, and Meta to see how he did it ... it's probably on an old branch over there somewhere.

This is ultimately a feature request for the Blazor framework. It's not really a docs scenario at the moment. Although, I admit that it might be nice somewhere to document that control of <head> elements isn't supported outside of JS interop. I'll consider that for a future update. I'm going to add a cross-link to this issue to a tracking issue of doc subjects that we might want to cover.

I'm going to close this issue, but pick up with this on that PU issue that I cross-linked ☝️. You can ask them about your ideas there for CSP or a generic, direct way to interact with any <head> element. They might ask you to open a new issue there if it doesn't pertain to Link, Title, and Meta tags. I'm not sure how general they will allow the discussion on that issue.

If you do open a new issue on the subject with them, please add a cc: @guardrex to your opening comment so that I can follow the discussion.

@guardrex guardrex mentioned this issue Apr 24, 2021
Closed
@jvallejoa jvallejoa changed the title Nounce/Hash in Blazor (CSP) Nonce/Hash in Blazor (CSP) Apr 24, 2021
@guardrex guardrex mentioned this issue May 21, 2021
Closed
41 tasks
@guardrex guardrex mentioned this issue Aug 2, 2021
Closed
@erossini erossini mentioned this issue Nov 17, 2021
Closed
@Rick-Anderson Rick-Anderson moved this to Done in Blazor.Docs Oct 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@guardrex guardrex

Labels
Blazor product-feedback product-question Source - Docs.ms Docs Customer feedback via GitHub Issue
Projects
Blazor.Docs
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@guardrex @jvallejoa @dotnet-bot